区块链上基于云辅助的密文策略属性基数据共享加密方案

针对云存储的集中化带来的数据安全和隐私保护问题,该文提出一种区块链上基于云辅助的密文策略属性基(CP-ABE)数据共享加密方案.该方案采用基于属性加密技术对加密数据文件的对称密钥进行加密,并上传到云服务器,实现了数据安全以及细粒度访问控制;采用可搜索加密技术对关键字进行加密,并将关键字密文上传到区块链(BC)中,由区块链进行关键字搜索保证了关键字密文的安全,有效地解决现有的云存储共享系统所存在的安全问题.该方案能够满足选择明文攻击下的不可区分性、陷门不可区分性和抗串联性.最后,通过性能评估,验证了该方案的有效性.     

加密邮件系统中基于身份的可搜索加密方案

在加密邮件系统中,公钥可搜索加密技术可以有效地解决在不解密的情况下搜索加密邮件的问题。针对公钥可搜索加密复杂的密钥管理问题,该文在加密邮件系统中引入了基于身份的密码体制。针对可搜索加密的离线关键字猜测攻击问题,该文采用了在加密关键字和生成陷门的同时进行认证,并且指定服务器去搜索加密电子邮件的方法。同时,在随机预言机模型下,基于判定性双线性Diffie-Hellman假设,证明方案满足陷门和密文不可区分性安全。数值实验结果表明,在陷门生成和关键字密文检测阶段,该方案与现有方案相比在计算效率上较高。     

区块链上基于B+树索引结构的密文排序搜索方案

为了克服云存储不可信及云存储中密文检索效率低的问题,该文提出区块链上基于B+树的密文排序可搜索加密方案。该方案结合区块链技术解决了在互不了解的多方建立可靠信任的问题;使用向量空间模型降低了文本的复杂性实现了高效的文本检索系统;采用B+树的索引结构提高了区块链上密文交易的检索速度;利用加权统计(TF-IDF)算法实现了多关键词查询结果的排序。在随机预言机模型下,证明该方案是适应性不可区分安全的,通过效率对比分析,表明该方案在区块链上实现了高效的密文检索。     

指定测试者的基于身份可搜索加密方案

对指定测试者的基于身份可搜索加密(dIBEKS)方案进行了研究。指出Tseng等人所提dIBEKS方案并不是完全定义在基于身份密码系统架构上,而且方案不能满足dIBEKS密文不可区分性。首次提出了基于身份密码系统下的指定测试者可搜索加密方案的定义和安全需求,并设计了一个高效的dIBEKS新方案。证明了dIBEKS密文不可区分性是抵御离线关键字猜测攻击的充分条件,并证明了新方案在随机预言模型下满足适应性选择消息攻击的dIBEKS密文不可区分性、陷门不可区分性,从而可以有效抵御离线关键字猜测攻击。     

基于身份的具有否认认证的关键字可搜索加密方案

云存储技术的发展实现了资源共享,为用户节省了数据管理开销.可搜索加密技术,既保护用户隐私又支持密文检索,方便了用户查找云端密文数据.现有的公钥关键字可搜索加密方案虽然支持身份认证,但未实现否认的属性.为了更好地保护发送者的身份隐私,该文将否认认证与公钥关键字可搜索加密技术相结合,提出一种基于身份的具有否认认证的关键字可...     

基于区块链的支持访问控制的可搜索加密方案

区块链技术因其分布式、去中心化、不可篡改等特点在多个领域得到广泛应用.然而,这些特点同时带来了大量的数据冗余与计算冗余,不能很好地适应区块链在数据规模较大的实际业务场景下的应用.针对链上数据容量较小的问题,设计了一种基于区块链的数据链上链下混合存储架构,利用云存储实现大规模数据外包存储功能;采用对称加密技术、可搜索加密...     

具有隐私保护的细粒度智能家居远程数据安全更新方案

针对现存智能家居软件更新方案中存在的粗粒度访问控制、单点服务失效、用户解密效率低下等问题,该文提出一种具有隐私保护的细粒度智能家居远程数据安全更新方案。该方案通过属性基加密技术实现了细粒度访问控制,并结合区块链和星际文件系统(IPFS)技术对数据进行存储。通过对访问策略进行隐藏,构造出一种策略隐藏的密文策略基于属性加密(CP-ABE)算法,进一步保护了用户的隐私。此外,通过设计面向轻量级用户的外包解密算法,所提方案有效减轻了轻量级用户的计算负担,并结合区块链和智能合约技术实现了外包解密过程的公平支付。最后,基于判定的双线性迪菲赫尔曼 (DBDH)假设,证明了所提方案是选择明文攻击下的不可区分 (IND-CPA)安全的。仿真实验结果表明,所提方案与现有方案相比终端用户解密成本和通信开销明显降低。     

基于区块链的多授权密文策略属性基等值测试加密方案

针对云环境下密文策略属性基加密方案中存在的密文检索分类困难与依赖可信第三方等问题,本文提出了一种基于区块链的多授权密文策略属性基等值测试加密方案．利用基于属性的等值测试技术,实现了支持属性级灵活授权的云端数据检索和分类机制,降低了数据用户对重复数据解密的计算开销．结合多授权属性基加密机制和区块链技术,实现了去中心化用户密钥生成．采用多属性授权机构联合分发密钥,有效抵抗用户和属性授权机构的合谋攻击．引入区块链和智能合约技术,消除了现有密文策略属性基密文等值测试方案中等值测试、数据存储与外包解密操作对可信云服务器的依赖．利用外包服务器执行部分解密计算,降低了用户本地的计算开销．将原始数据哈希和验证参数上传至区块链,保障外包服务器解密结果正确性和云端数据完整性．在随机预言模型下,基于判定性qparallel Bilinear Diffie-Hellman Exponent困难问题证明了本文方案在选择密文攻击下的单向性．与同类方案相比较,本文方案支持更多的安全属性,并具有较低的计算开销．     

基于区块链技术的光通信网络数据加密方法设计

为提升光通信网络数据传输的安全性,设计基于区块链技术的光通信网络数据加密方法。密钥生成中心生成公钥与私钥,数据加密单元结合密钥生成中心生成的公钥加密数据,得到数据密文,用户使用私钥解密云服务器存储的数据密文,获取光通信网络数据明文;加密单元利用对称加密算法,结合密钥生成中心生成的公钥,加密光通信网络数据,通过支持多关键字检索的公钥加密算法,加密关键字,利用基于格的密文策略属性基加密算法,加密数据索引,实现数据加密。实验证明：该方法可有效加密光通信网络数据;在不同类型网络攻击下,该方法加密数据的安全性均较高;在不同数据属性与关键字数量时,该方法的加密效率均较快。     

基于区块链且支持验证的属性基搜索加密方案

针对一对多搜索模型下共享解密密钥缺乏细粒度访问控制且搜索结果缺乏正确性验证的问题,提出了一种基于区块链且支持验证的属性基搜索加密方案。通过对共享密钥采用密文策略属性加密机制,实现细粒度访问控制。结合以太坊区块链技术,解决半诚实且好奇的云服务器模型下返回搜索结果不正确的问题,在按需付费的云环境下,实现用户和云服务器之间服务-支付公平,使各方诚实地按照合约规则执行。另外,依据区块链的不可篡改性,保证云服务器得到服务费,用户得到正确的检索结果,而不需要额外验证,减少用户计算开销。安全性分析表明,所提方案满足自适应选择关键词语义安全,能很好地保护用户的隐私以及数据的安全。性能对比及实验结果表明,所提方案在安全索引产生、搜索令牌生成、检索效率以及交易数量方面有一定的优化,更加适用于智慧医疗等一对多搜索场景。     

Electronic medical record data sharing scheme based on searchable encryption via consortium blockchain

Considering that it was difficult to share medical record data among different medical institutions in cloud storage,an electronic medical record data sharing scheme based on searchable encryption on blockchain was proposed.In order to realize the secure storage and sharing of electronic medical records in the scheme,the patient’s electronic medical record ciphertext was stored in the hospital server,the ciphertext hash value was stored in the private blockchain,and the keyword index was stored in the consortium blockchain.Searchable encryption was used to implement secure search of keywords in the consortium blockchain,and proxy re-encryption technology was used to realize the sharing of electronic medical records of patients by other data users.Security analysis shows that the proposed scheme can achieve ciphertext security and keyword security.Moreover,the performance of the scheme was analyzed by function analysis,computational efficiency analysis and numerical simulation.The performance analysis shows that the scheme can achieve high computational efficiency.     

Multiuser access control searchable privacy‐preserving scheme in cloud storage

Searchable encryption scheme‐based ciphertext‐policy attribute‐based encryption (CP‐ABE) is a effective scheme for providing multiuser to search over the encrypted data on cloud storage environment. However, most of the existing search schemes lack the privacy protection of the data owner and have higher computation time cost. In this paper, we propose a multiuser access control searchable privacy‐preserving scheme in cloud storage. First, the data owner only encrypts the data file and sets the access control list of multiuser and multiattribute for search data file. And the computing operation, which generates the attribute keys of the users' access control and the keyword index, is given trusted third party to perform for reducing the computation time of the data owner. Second, using CP‐ABE scheme, trusted third party embeds the users' access control attributes into their attribute keys. Only when those embedded attributes satisfy the access control list, the ciphertext can be decrypted accordingly. Finally, when the user searches data file, the keyword trap door is no longer generated by the user, and it is handed to the proxy server to finish. Also, the ciphertext is predecrypted by the proxy sever before the user performs decryption. In this way, the flaw of the client's limited computation resource can be solved. Security analysis results show that this scheme has the data privacy, the privacy of the search process, and the collusion‐resistance attack, and experimental results demonstrate that the proposed scheme can effectively reduce the computation time of the data owner and the users.     

基于区块链的多关键词模糊搜索加密方案

针对1对多数据密文共享中多关键词模糊匹配和用户公平性问题,该文提出一种基于区块链的多关键词模糊搜索加密方案。该文提出一种R-HashMap索引结构,通过使用对偶编码函数和位置敏感哈希函数来构建安全索引,并采用K最近邻算法来加密索引,通过计算欧式距离度量查询关键词向量与索引节点之间的相似性,实现多关键词模糊密文搜索。该文除了消除预定义词典和降低存储开销外,还在不增加搜索复杂度的前提下实现对安全索引的更新。此外,将以太坊区块链技术与可搜索加密方案相结合避免了恶意服务器对数据的篡改,使用智能合约作为可信第三方进行检索工作,不仅可以防止云服务器内部的关键词猜测攻击,还可以解决检索结果不正确的问题。通过安全性证明分析,该文不但满足自适应选择关键词语义安全性,还可以保护用户隐私和数据安全。将该文与其他方案进行实验对比,证明该文在保证精确度的前提下,时间开销上具有更好的效率优势。     

基于f-mOPE的数据库密文检索方案

在云数据库环境下,为保证云存储数据的安全性,通常将数据加密存储。针对加密存储数据查询开销大,不支持密文排序,查询等缺点,该文提出一种 f-mOPE数据库密文检索方案。该方案基于可变保序编码(mOPE),采用二叉排序树数据结构思想,生成明文一一对应的保序编码;基于AES加密方案将数据明文转化为密文存储;采用改进的部分同态加密算法提升保序加密方案的安全性。通过安全性分析及实验结果表明,该方案在保证数据隐私的基础上,不但能抵御统计型攻击,而且能够有效地降低服务器计算开销,提高数据库处理效率。     

A based on blinded CP‐ABE searchable encryption cloud storage service scheme

Cloud computing has great economical advantages and wide application, more and more data owners store their data in the cloud storage server (CSS) to avoid tedious local data management and insufficient storage resources. But the privacy of data owners faces enormous challenges. The most recent searchable encryption technology adopts the ciphertext‐policy attribute‐based encryption (CP‐ABE), which is one good method to deal with this security issue. However, the access attributes of the users are transmitted and assigned in plaintext form. In this paper, we propose a based on blinded CP‐ABE searchable encryption cloud storage service (BCP‐ABE‐SECSS) scheme, which can blind the access attributes of the users in order to prevent the collusion attacks of the CSS and the users. Data encryption and keyword index generation are performed by the data owners; meanwhile, we construct that CSS not only executes the access control policy of the data but also performs the pre‐decryption operation about the encrypted data to solve higher time cost of decryption calculation to the data users. Security proof results show that this scheme has access attribute security, data confidentiality, indistinguishable security against chosen keyword attack, and resisting the collusion attack between the data user and the CSS. Performance analysis and the experimental results show that this scheme can effectively reduce the computation time cost of the data owners and the data users.     

Chaotic map‐based time‐aware multi‐keyword search scheme with designated server

The cloud storage service has been widely used in daily life because of its convenience. However, the service frequently suffers confidentiality problems. To address this problem, some efforts have been made on keyword search over encrypted data schemes. For instance, the chaotic‐based keyword search scheme over encrypted data has been proposed recently. However, the scheme just only support single‐ keyword search each time, which severely limits its utilization in cloud storage. This article proposes a novel chaotic‐based time‐aware multi‐keyword search scheme with designated server. Inner product similarity is adopted in our scheme to realize multiple keyword search and remove the constraint of single‐keyword search each time. Timed‐release encryption is integrated into the proposed scheme at the same time, which enables the data sender to specify the time when the cloud servers can search the encrypted data. Analysis indicates that our scheme not only can counter off‐line guessing attacks to the ciphertext and trapdoor, but also supports ranked search with a reasonable computational cost. Copyright © 2015 John Wiley & Sons, Ltd.     

Trapdoor Security Lattice-Based Public-Key Searchable Encryption with a Designated Cloud Server

Cloud storage technique has becoming increasingly significant in cloud service platform. Before choosing to outsource sensitive data to the cloud server, most of cloud users need to encrypt the important data ahead of time. Recently, the research on how to efficiently retrieve the encrypted data stored in the cloud server has become a hot research topic. Public-key searchable encryption, as a good candidate method, which enables a cloud server to search on a collection of encrypted data with a trapdoor from a receiver, has attracted more researchers’ attention. In this paper, we propose the frist efficient lattice-based public-key searchable encryption with a designated cloud server, which can resist quantum computers attack. In our scheme, we designate a unique cloud server to test and return the search results, thus can remove the secure channel between the cloud server and the receiver. We have proved that our scheme can achieve ciphertext indistinguishability under the hardness of learning with errors, and can achieve trapdoor security in the random oracle model. Moreover, our scheme is secure against off-line keyword guessing attacks from outside adversary.     

支持策略隐藏且密文长度恒定的可搜索加密方案

属性加密体制是实现云存储中数据灵活访问控制的关键技术之一,但已有的属性加密方案存在密文存储开销过大和用户隐私泄露等问题,并且不能同时支持云端数据的公开审计.为了解决这些问题,该文提出一个新的可搜索属性加密方案,其安全性可归约到q-BDHE问题和CDH问题的困难性.该方案在支持关键词搜索的基础上,实现了密文长度恒定;引入...     

云环境中抵御内部关键字猜测攻击的快速公钥可搜索加密方案

随着云计算的发展,以密文检索为核心的安全和搜索性能问题成为研究的重点。在传统的加密方案中,大多只解决了抵御外部关键字猜测攻击问题,往往忽视了诚实且好奇的云服务器问题。为了提高密文安全性,该文提出快速搜索的抵御内部关键字攻击方案。首先,引入高效的加密倒排索引结构的公钥密文搜索方案,实现关键字的并行搜索任务。其次,在构建密文倒排索引时加入数据拥有者的私钥抵御恶意云服务器的关键字攻击。与传统的公钥可搜索加密相比,该方案在很大程度上增强了搜索系统的安全性和搜索效率。